You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.

When the sweep has finished, click Remove to remove any items found.

Exit Spy Sweeper.Reboot.

Now for the other problem:You will need to refer to your printed instructions, since you will have to restart your computer during this next fix. Please make sure you have an ACTIVE internet connection as the tool will need to download additional files and a program.

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so.Your system may take longer than usual to load; this is NORMAL.When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items:

These two only if you did not set them, or if you did not have Spybot set them.O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Click Fix Checked. Close HijackThis, and click OK to proceed.At the end of the fix, you may need to restart your computer again.

If you should have any connection problems following this fix, this is how to correct them:

Please go to Start -> Control Panel, and choose Network Connections. Then right-click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.

Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new HijackThis log.

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.

When the sweep has finished, click Remove to remove any items found.

Exit Spy Sweeper.Reboot.

Now for the other problem:You will need to refer to your printed instructions, since you will have to restart your computer during this next fix. Please make sure you have an ACTIVE internet connection as the tool will need to download additional files and a program.

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so.Your system may take longer than usual to load; this is NORMAL.When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items:

These two only if you did not set them, or if you did not have Spybot set them.O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Click Fix Checked. Close HijackThis, and click OK to proceed.At the end of the fix, you may need to restart your computer again.

If you should have any connection problems following this fix, this is how to correct them:

Please go to Start -> Control Panel, and choose Network Connections. Then right-click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.

Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new HijackThis log.

Again please print these instructions, so you can refer to them easily.

I suggest that you move HijackThis out of My Documents to a folder of its own where it can save its backups. Otherwise, the Backups folder will be in with the rest of your documents.To create a folder: Click My Computer, then C:\In the menu bar, File->New->Folder.That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your HijackThis.exe there. Do not scan now. We will do that later.

1. After the download is complete, double click on the file to launch the install process.2. During installation under the Additonal Options menu, you will be asked if you want to "Install background guard (required for automatic updates)" and "Install scan via context menu". Please UNCHECK both of these options.3. Once installation is complete, launch Ewido by double-clicking the big "E" icon on your desktop. The program will prompt you to update -- click the 'OK' button.4. The program will now go to the main screen. On the left hand side of the main screen, click on Update and then click 'Start Update'. The update will start and a progress bar will show the updates being installed. After the updates are installed, you will see 'Update Successful' in the lower left corner.5. Close Ewido.

Reboot into Safemode:Turn on the computer.Immediately begin tapping the F8 key (or F5 on some computers)Use the arrow keys to highlight Safe Mode and press the Enter key.

When your computer is booted into Safe Mode, then continue.

Now Click Start>> Run>> Type in Services.msc and Click OK!

Scroll that list and locate

Command Service (cmdService)(If you cannot find it, just proceed with the next steps using Hijackthis.)

Right Click that entry and Select "Properties">> Click "Stop">> Go up and Change the "Startup Type" to "Disabled"

* Click the 'Apply' tab, then click 'OK'

Open HijackThis>Config>Misc Tools>Delete an NT Service*now copy/paste the following entry in the box and click OK:

CmdService

Please scan with Hijackthis and tick this if it still exists:O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\T3duZXIA\command.exe (file missing)

Close all windows except HijackThis and click "Fix Checked".

Go to Start>Search and at the top select Tools>Folder Options Select the View tab Display the contents of system folders Show hidden files and folders Uncheck: Hide protected operating system files Click on Apply. Next go to the side of the Search box and select All files and folders. Go down to More advanced options. Be sure the first three boxes are selected: Search System folders Search Hidden Files and folders Search SubFolders

Delete the specified folder IF it still exists:C:\WINDOWS\T3duZXIA <-- Folder

Open CCleaner.

Before first use, check under Options, Settings, and ensure "Only delete files in Windows Temp folder older than 48 hours" is unchecked.

Then open it and select the items you wish to clean up.

In the Windows Tab:

I recommend cleaning all entries in the "Internet Explorer" section except Cookies.Clean all the entries in the "Windows Explorer" sectionClean all entries in the "System" sectionClean all entries in the "Advanced" section.

In the Applications Tab:

Clean all except cookies in the Firefox/Mozilla section if you use it.Clean all in the Opera section if you use it.Clean Sun Java in the Internet Section.Clean any others that you choose.

Then click the "Run Cleaner" button.When it is finished cleaning REBOOT into Safemode again.

*Click on Ewido>scannerThen select "Settings"Under the bottom section "What to Scan?" make sure "Scan every file" is checked.Select "OK" and you will return to scanning options.*Click on Complete System Scan and the scan will begin.

This scan can take quite a while to run, so please be patient .While the scan is in progress, you will be prompted to clean the first infected file it finds. Choose Clean. Then put a check next to 'Perform action on all infections' . Doing this, enables the scan to proceed automatically until its completion. Click OK

When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again. The best place to save it would probably be your Desktop.Now close ewido security suite. Reboot normally.

Go back and rehide files/folders:Go to Start>Search and at the top select Tools>Folder Options Select the View tab Display the contents of system folders Show hidden files and folders Check: Hide protected operating system files Click on Apply.

Please copy and paste the results from the Ewido scan back along with a fresh HijackThis log to this topic for review. Thanks!

*Notes: Ewido is a free trial product for 14 days. After that you can purchase it for full features OR you can also keep the free version to use as an on-demand scanner (recommended). You will still be able to manually update Ewido using the *update* button

When you reply just click "Add Reply". There is no need to quote the previous post with your reply.

Due to inactivity, this thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter. Everyone else please begin a New Topic.